lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <1ba101c61132$ff0f7d40$0dcf0180@cegedim.cegedimgroup>
Date: Wed Jan  4 16:17:13 2006
From: romain.vergniol at cegedim.fr (Romain Vergniol)
Subject: Outlook Express 6.0 : link destination
	obfuscation

>or http://www.myBank.com+aWholeLottaJunk@...site.com

This example does not work anymore due to the recent desactivation
of this syntax by Microsoft (for http:// only, it still works for ftp://).

Romain

>Romain Vergniol wrote:
> Hello FD readers,
>
> did anyone already noticed that on Outlook Express 6.0, when a link is
> longer than 512 bytes, the destination is not displayed at all in the
> status bar ?
>
> Tested on Outlook Express 6.0 on WinXP Pro SP2 FR, does not work on 
> Outlook
> 2003 Win XP SP2 FR.
>
> Ex :
> <a href="http://www.exemple.com/+(500 random chars)">www.bank.com</a>
>
> It could be used in phishing attacks for exemple to hide real link 
> destination.
> Could it be considered as a security issue ?
>
> Kind regards,
> Romain Vergniol
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ